1 / 46

Trust² - Information rights management with eID

Trust² - Information rights management with eID. Kris De Sloovere Project Manager Trust² - RMS consultant Certipost www.certipost.be. About Trust2. Joint initiative of Microsoft and Certipost

marsha
Download Presentation

Trust² - Information rights management with eID

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Trust² - Information rights management with eID Kris De Sloovere Project Manager Trust² - RMS consultant Certipost www.certipost.be

  2. About Trust2 • Joint initiative of Microsoft and Certipost • Trustworthy Information Exchange for any users of any Windows based applications seeking to protect the privacy of information

  3. Agenda • Information rights management • Trust² for Office demo • Trust² architecture • Software integration tools • Code example • How to start • Summary

  4. Yes People No Today’s Information Protection File Access Control List File

  5. Yes Yes People People No The solution: Information Rights Management File Information Rights Management Do not forward Do not Copy …. Access Control User Management

  6. Information Rights Management + eID authentication =

  7. Trust2 for MS Office at Work.. Trustworthy information exchange for Office documents, web content and Outlook emails

  8. Content Distributor

  9. Content Recipient

  10. Trust2 for MS Office at Work.. Trustworthy information exchange for Office documents, web content and Outlook emails

  11. Windows RMS Workflow • Author receives a client licensor certificate the “first time” they rights-protect information. Active Directory SQL Server • Author defines a set of usage rights and rules for thier file; Application creates a “publishing license” and encrypts the file. RMS Server • Author distributes file. 4 1 • Recipient clicks file to open, the application calls to the RMS server which validates the user and issues a “use license.” 2 5 3 • Application renders file and enforces rights. Information Author The Recipient

  12. RMS certificates • Account certificate: • Contains identity • Client licensor certificate • Enables offline protected document creation • Publishing license • Expresses the rights • Use license • Permit to open documents

  13. RMS certificates Account certificate Account certificate Information Author Publishing license Client licensor certificate The Recipient Use license

  14. Safeguard financial, legal, HR content • Set level of access: view, print, export • View Office 2003 rights protected info Protect Sensitive Files • Control access to sensitive plans • Set level of access: view, change, print, etc. • Determine length of access Do-Not-Forward Email • Keep Executive e-mail off the Internet • Reduce internal forwarding of confidential information • Templates to centrally manage policies Safeguard Intranet Content Windows RMS Usage Scenarios Keep Internal Information Internal

  15. RMS rights extensions • Protect your application’s content • Basic rights • Can read • Can modify • Is owner • Can print, can copy paste,… • Custom rights • E.g. can rotate drawing, can play audio,… • Based on XRML

  16. Trust² architecture • Trust² server • Windows RMS server • Trust² eID authentication layer - OCSP • Trust² online user registration • Trust² user registration XML WS • Client • Windows RMS client • Trust² enabled software: • MS Office 2003 Professional • MS IE Rights Management Add-on

  17. Trust² architecture ServerTrust² RMS XML Web service Trust² user registration Trust² user registration XML Web service Server Your application Client RMS Client MS Office IE Add-on Your application

  18. Software integration tools • Information rights management: • RMS Client SDK • Windows 2000 Service Pack 3, Windows 98 Second Edition, Windows ME, Windows Server 2003, Windows XP • RMS Server SDK • Windows Server 2003 • RMS Security Guidelines.doc • Trust² user registration • Trust² registration WS

  19. RMS client SDK

  20. Demo RMS client SDK ServerTrust² RMS XML Web service Trust² user registration Trust² user registration XML Web service Server Your application Client RMS Client MS Office IE Add-on Your application

  21. RMS certificates Account certificate Account certificate Information Author Publishing license Client licensor certificate The Recipient Use license

  22. Demo RMS client SDK • User is Trust² registered • RMS User activation: • Obtain ‘user account certificate’ • Basic RMS user certificate • Necessary to obtain • Publishing license • Use license

  23. Demo RMS client SDK // Create a client session for the user (group identity) // to be activated hr = DRMCreateClientSession ( &OnStatus, 0, DRM_DEFAULTGROUPIDTYPE_WINDOWSAUTH, wszUserId, // User Id &hClient ); …….. // if bMachine is true do Machine Activation else do Group Identity Activation hr = DRMActivate( hClient, (bMachine ? DRM_ACTIVATE_MACHINE : DRM_ACTIVATE_GROUPIDENTITY)|DRM_ACTIVATE_SILENT, 0, E_FAIL == hr ? NULL : pSvr, &hEvent, NULL ); Email address Trust² server Automatic eID pop up

  24. Trust² user authentication • eID as primary token • Other X509 tokens supported • Custom synchronisation of identity management systems through the Trust² user registration WS

  25. How to start • Request your test development account to Trust2 • Two free test accounts with Send/Recipient rights with 6 months validity • Developers support line • Ticketing based • Seminars and Training courses SIMPLY MAIL ISV@TRUST2.COM OR visit www.trust2.com

  26. Conclusion: key message • eID is powerfull e-authentication and e-Signing infrastructure • Trust2 enables applications and web-sites to rely upon this infrastructure and Information Rights Management • Trust2 is an unique aggregation of all security and trust components to build digital workflows • Trust2 Development Kit available • Office2003 today, your application tomorrow?

  27. Trust² www.trust2.com RMS client and SDK’s: www.microsoft.com/rms Meer informatie:

  28. Q&A

More Related